Lucene search
K

343 matches found

CNNVD
CNNVD
added 2026/03/25 12:0 a.m.8 views

WordPress plugin PublishPress Revisions 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

9.3CVSS5.9AI score0.00248EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/20 8:48 p.m.7 views

WordPress PublishPress Revisions plugin <= 3.7.23 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin PublishPress Revisions versions = 3.7.23...

9.3CVSS5.9AI score0.00248EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/03/19 9:17 p.m.5 views

CVE-2026-27454

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, requesting /posts/:id.json?version=X bypassed authorization checks on post revisions. The displaypost method called post.revertto directly without verifying whether the revision was hidde...

5.3CVSS0.00388EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/19 8:39 p.m.5 views

EUVD-2026-13188

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, requesting /posts/:id.json?version=X bypassed authorization checks on post revisions. The displaypost method called post.revertto directly without verifying whether the revision was hidde...

5.3CVSS5.8AI score0.00388EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/19 8:39 p.m.4 views

CVE-2026-27454 Discourse has check revision visibility on posts endpoint

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, requesting /posts/:id.json?version=X bypassed authorization checks on post revisions. The displaypost method called post.revertto directly without verifying whether the revision was hidde...

5.3CVSS5.8AI score0.00388EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/19 8:39 p.m.20 views

CVE-2026-27454

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, requesting /posts/:id.json?version=X bypassed authorization checks on post revisions. The displaypost method called post.revertto directly without verifying whether the revision was hidde...

5.3CVSS5.8AI score0.00388EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/03/19 8:39 p.m.20 views

CVE-2026-27454 Discourse has check revision visibility on posts endpoint

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, requesting /posts/:id.json?version=X bypassed authorization checks on post revisions. The displaypost method called post.revertto directly without verifying whether the revision was hidde...

5.3CVSS0.00388EPSS
Exploits0References4
OSV
OSV
added 2026/03/19 8:39 p.m.5 views

CVE-2026-27454 Discourse has check revision visibility on posts endpoint

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, requesting /posts/:id.json?version=X bypassed authorization checks on post revisions. The displaypost method called post.revertto directly without verifying whether the revision was hidde...

5.3CVSS5.9AI score0.00388EPSS
Exploits0References6
CVE
CVE
added 2026/03/19 8:39 p.m.7 views

CVE-2026-27454

Discourse before versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allowed unauthorized access to hidden post revisions via GET /posts/:id.json?version=X because display_post called post.revert_to without verifying revision visibility or editor permissions. The root cause was missing authorizati...

5.3CVSS5.8AI score0.00388EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/03/19 5:32 p.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the Vault secrets back-end implementation. An attacker can modify secret revisions without proper authorization by leveraging access as an authenticated unit agent and possessing sufficient information about...

7.6CVSS5.9AI score0.00166EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/19 5:32 p.m.9 views

EUVD-2026-12817

Juju has unauthorized update of out-of-scope Vault secrets...

7.6CVSS5.8AI score0.00166EPSS
Exploits0References3
OSV
OSV
added 2026/03/19 5:32 p.m.11 views

GHSA-89X7-5M5M-MCMM Juju has unauthorized update of out-of-scope Vault secrets

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...

7.6CVSS5.8AI score0.00166EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.8 views

Discourse 安全漏洞

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Discourse versions prior to 2026.3.0-latest.1, as well as versions before 2026.2.1 and 2026.1.2, have security vulnerabilitie...

5.3CVSS5.8AI score0.00388EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.5 views

PT-2026-26358

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 Description Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2,...

5.3CVSS5.8AI score0.00388EPSS
Exploits0References9
NVD
NVD
added 2026/03/18 1:16 p.m.12 views

CVE-2026-32692

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...

7.6CVSS0.00166EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/18 1:16 p.m.4 views

CVE-2026-32692

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...

7.6CVSS6.4AI score0.00166EPSS
Exploits0References2
CVE
CVE
added 2026/03/18 12:35 p.m.23 views

CVE-2026-32692

The CVE-2026-32692 entry describes an authorization bypass in the Vault secrets back-end of Juju (versions 3.1.6–3.6.18). An authenticated unit agent can perform unauthorized updates to secret revisions, potentially poisoning existing secret revisions within the Vault secret back-end. Metrics ind...

7.6CVSS5.8AI score0.00166EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/18 12:35 p.m.34 views

CVE-2026-32692 Unauthorized update of out-of-scope Vault secrets

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...

7.6CVSS0.00166EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/18 12:35 p.m.6 views

CVE-2026-32692

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...

7.6CVSS5.8AI score0.00166EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/18 12:35 p.m.6 views

CVE-2026-32692 Unauthorized update of out-of-scope Vault secrets

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...

7.6CVSS6.4AI score0.00166EPSS
Exploits0References5
Rows per page
Query Builder